CVE-2022-22175

Summary

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 20.4R1unaffected
Juniper NetworksJunos OS20.4 < 20.4R3-S1affected
Juniper NetworksJunos OS21.1 < 21.1R2-S2, 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R1-S2, 21.2R2affected
Juniper NetworksJunos OS21.3 < 21.3R1-S1, 21.3R2affected

Weaknesses

  • CWE-667: CWE-667 Improper Locking
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References